You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@subversion.apache.org by "Crucius, Wesley" <WC...@sandc.com> on 2005/06/14 16:54:10 UTC
Authorization problem
I am running version 1.1.1 (using Apache on W2k3 server) and having a
problem with my authorization file. What I want is to allow r/w access
to the whole repository except for one directory, where I want r/w
access for one group and then read-only access to a sub-directory of
that directory. Here's an approximation of the structure
http://my-server.com/svn/repos2
/proj one/...
/proj two/...
/proj three
/released/...
/trunk/...
So essentially I want to allow read/write access to everything for all
the groups with the following exceptions for "proj three" and it's
"sub-directories":
1. No access to "proj three" for apps-hwdev (they only know hardware
anyway...)
2. read-only access to only the "proj three/released" sub-dir for
apps-swdev (the lowly application developers)
3. read/write access to all of "proj three" for rtos-swdev (the
Real-Time Operating System "gods")
Here's the relavant section of httpd.conf:
<Location /svn/>
DAV svn
# Repository location
SVNParentPath E:/Apache2/svn/
# Repository Authentication Mechanism
AuthType Basic
AuthName "Subversion Repository"
AuthUserFile etc/svn-auth-file
AuthzSVNAccessFile etc/svn-access-policies
Require valid-user
</Location>
And here's svn-access-policies:
[groups]
apps-swdev = user1, user2
apps-hwdev = user3, user4
rtos-swdev = superuser1, superuser2
[repos2:/]
@apps-swdev = rw
@apps-hwdev = r
@rtos-swdev = rw
[repos2:/proj three/]
@apps-swdev =
@apps-hwdev =
@rtos-swdev = rw
[repos2:/proj three/released]
@apps-swdev = r
@apps-hwdev =
@rtos-swdev = rw
But this doesn't seem to work... For example, users in the group
"apps-swdev" can read "/proj three/trunk".
One suspicion that I had was that the spaces needed to be specified as
in URLs (so, "/proj%20three/" instead of "/proj three/"), but that
didn't seem to have any effect. Is there something about the order of
the sections in svn-access-policies?
My interpretation of page 102 of "THE BOOK" tells me that this should
work...
Can anyone help me see the error of my ways?
Thanks,
Wes